<?php	
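	$db = new MySQL();
	$table = "product_item";

	// Turns one request field into text that can sit inside a single-quoted SQL
	// string literal. It replaces the earlier quote-only str_replace() escaping,
	// which left backslashes untouched, so a backslash in the input could cancel
	// the escaping of a following quote. Missing or non-scalar fields become "".
	// NOTE(review): addslashes() is a stopgap. It assumes a single-byte or UTF-8
	// connection charset with backslash escapes enabled. The durable fix is bound
	// parameters (or the driver's own escaping) inside the MySQL wrapper, whose
	// API is not visible from this file.
	$sql_text = function ($source, $key) {
		if (!isset($source[$key]) || !is_scalar($source[$key])) {
			return "";
		}
		$value = (string) $source[$key];
		// On legacy runtimes that pre-slash request data, undo that first so the
		// value is escaped exactly once. The setting does not exist on current
		// PHP, where ini_get() returns false.
		if (ini_get('magic_quotes_gpc')) {
			$value = stripslashes($value);
		}
		return addslashes($value);
	};

	// The INSERT further down never supplies `id`, so the key looks DB-generated
	// and is read as an integer here. NOTE(review): confirm the column type.
	// Stays null when ?id= is absent.
	$id = null;
	if (isset($_GET['id'])) $id = is_scalar($_GET['id']) ? (int) $_GET['id'] : 0;

	// Kept as received. This value is written into <script> redirects later in
	// the script, so it has to be encoded at the point of output.
	$mod = isset($_GET['mod']) ? $_GET['mod'] : null;

	// Page number for the list view; forced to an integer because it is echoed
	// back into a redirect.
	$curpg = 1;
	if (isset($_POST["curpg"]) && is_scalar($_POST["curpg"])) $curpg = (int) $_POST["curpg"];

	// Left undefined when not posted, as before.
	if (isset($_POST["cbidcat"])) $cbidcat = $sql_text($_POST, "cbidcat");

	$title = $sql_text($_POST, "title");
	$title_vn = $sql_text($_POST, "title_vn");

	// price, new and featured used to reach the SQL strings with no escaping at all.
	$price = $sql_text($_POST, "price");

	// NOTE(review): myurl() is defined elsewhere and receives the escaped title,
	// as it always has; its result goes into SQL as-is. Confirm it only ever
	// returns slug-safe characters.
	$titleurl = myurl($title);

	$new = $sql_text($_POST, "new");
	$featured = $sql_text($_POST, "featured");

	$description = $sql_text($_POST, "description");
	$description_vn = $sql_text($_POST, "description_vn");

	$content = $sql_text($_POST, "content");
	$content_vn = $sql_text($_POST, "content_vn");

	$titlepage = $sql_text($_POST, "titlepage");

	$meta_key = $sql_text($_POST, "meta_key");
	$meta_des = $sql_text($_POST, "meta_des");

	$dateadd = date("Y-m-d H:i:s");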
					     		
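	// Add/edit handler: optionally stores an uploaded product image, then runs an
	// UPDATE when ?id= is present or an INSERT otherwise.
	// NOTE(review): no session or CSRF check is visible in this file. Confirm the
	// page that includes it enforces both before this code is reached.
	if (isset($_POST["form_"]) && $_POST["form_"]=="edit")
	{
		$editing = isset($_GET['id']);
		// The INSERT below never supplies `id`, so the key looks DB-generated and
		// is treated as an integer. NOTE(review): confirm the column type.
		$row_id = ($editing && is_scalar($_GET['id'])) ? (int) $_GET['id'] : 0;

		// Always defined, so the INSERT path without an upload no longer reads an
		// unset variable.
		$image = "";
		if ($editing)
		{
			$query_image = "select * from $table where id='$row_id'";
			$sql_image = $db->select($query_image);
			$tt_image = $db->fetch($sql_image);
			// fetch() may find no row for an unknown id.
			if ($tt_image && isset($tt_image['image'])) $image = (string) $tt_image['image'];
		}

		//image
		$upload = isset($_FILES['image']) ? $_FILES['image'] : null;
		if (is_array($upload)
			&& isset($upload['name'], $upload['tmp_name'], $upload['error'])
			&& is_string($upload['name']) && $upload['name'] != ""
			&& $upload['error'] === UPLOAD_ERR_OK)
		{
			// The target directory is web-served, so the stored name must never carry
			// an extension the server would execute. Accept image extensions only and
			// require the payload to parse as an image.
			// NOTE(review): trim this list to what resize_jpg() actually supports.
			$allowed_ext = array("jpg", "jpeg", "png", "gif");
			$parts1 = pathinfo($upload['name']);
			$ext = isset($parts1["extension"]) ? strtolower($parts1["extension"]) : "";
			$stem = isset($parts1["filename"]) ? preg_replace('/[^A-Za-z0-9_-]/', '_', $parts1["filename"]) : "";

			if (in_array($ext, $allowed_ext, true) && getimagesize($upload['tmp_name']) !== false)
			{
				// The client-supplied name is reduced to [A-Za-z0-9_-] plus the checked
				// extension: no path separators, no inner dots, no quote characters
				// that could reach the SQL below.
				$attach_file = $stem.".".$ext;

				// Collision check now runs against the name that will be written. The
				// previous check tested the raw client name, so a sanitised name
				// could silently overwrite an existing file.
				if ($stem === "" || file_exists("../product-img/".$attach_file))
				{
					$attach_file = date("sihdmy").".".$ext;
				}

				if(move_uploaded_file($upload["tmp_name"], "../product-img/".$attach_file))
				{
					$filemod = "../product-img/".$attach_file;
					$filemod_list = "../product-img/list/".$attach_file;
					$filemod_big = "../product-img/big/".$attach_file;

					// Readable by the web server, writable by the owner only; uploaded
					// content has no reason to be world-writable or executable.
					chmod($filemod,0644);

					resize_jpg($filemod,$filemod_list,300,300);
					resize_jpg($filemod,$filemod_big,800,800);

					// Remove the previous image and its two derivatives. basename() keeps
					// the stored value from pointing outside the image directories, and
					// is_file() skips anything that is not a regular file.
					$old_image = basename($image);
					if ($old_image !== "")
					{
						foreach (array("../product-img/", "../product-img/list/", "../product-img/big/") as $dir)
						{
							if (is_file($dir.$old_image)) unlink($dir.$old_image);
						}
					}

					$image = $attach_file;
				}
			}
			// A rejected or failed upload leaves $image as it was; the record is
			// still saved, matching the earlier behaviour on a failed move.
		}

		// The stored name may be a legacy value read back from the table, so it is
		// escaped again at the SQL boundary.
		$image_sql = addslashes($image);
		$idcat_sql = isset($cbidcat) ? $cbidcat : "";

		// NOTE(review): the remaining columns are interpolated exactly as prepared
		// earlier in this script, so this statement is only as injection-safe as
		// that escaping. Bound parameters would remove the dependency; the MySQL
		// wrapper's API is not visible here, so the string form is kept.
		if ($editing)
		{
			$query="update $table set  idcat = '$idcat_sql', title = '$title', title_vn = '$title_vn', titleurl = '$titleurl', featured = '$featured', image = '$image_sql', description = '$description', description_vn = '$description_vn', content = '$content', content_vn = '$content_vn', titlepage = '$titlepage', meta_key = '$meta_key',  meta_des = '$meta_des', price='$price' ";
			$query.=" where id='$row_id'";
			$sql = $db->update($query);
			$db->close();
			// No redirect after an update: it was already disabled in the original.
		}
		else{
			// data for the new row
			$query="insert into $table ( idcat, title, title_vn, titleurl, featured, image, description, description_vn, content, content_vn, titlepage, meta_key, meta_des, price ) ";
			$query.=" values ( '$idcat_sql', '$title', '$title_vn', '$titleurl', '$featured', '$image_sql', '$description', '$description_vn', '$content', '$content_vn', '$titlepage', '$meta_key', '$meta_des', '$price'  )";

			$id = $db->insert($query);

			$db->close();

			// Request values are URL-encoded and the whole URL is emitted as a JSON
			// string, so nothing from the request can close the string or the
			// <script> element.
			$mod_q = is_scalar($mod) ? rawurlencode((string) $mod) : "";
			$redirect = "?mod=".$mod_q."&act=list&idcat=".rawurlencode($idcat_sql);
			echo "<script>location=".json_encode($redirect, JSON_HEX_TAG | JSON_HEX_AMP)."</script>";
		}
	}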
	
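	//delete
	// Removes the rows named in the comma-separated "listid" field together with
	// their image files, then redirects back to the list view.
	// NOTE(review): no session or CSRF check is visible in this file. Confirm the
	// page that includes it enforces both before this code is reached.
	if (isset($_POST['form_']) && $_POST['form_']=="delete")
	{
		$listid = (isset($_POST["listid"]) && is_string($_POST["listid"])) ? $_POST["listid"] : "";

		// Keep digit-only ids. The list used to be spliced into the IN (...) clause
		// verbatim, so any other text in it became part of the SQL statement.
		// Splitting on "," also copes with the trailing comma the form appears to
		// send, without chopping a character off a list that lacks one.
		$ids = array();
		foreach (explode(',', $listid) as $piece)
		{
			$piece = trim($piece);
			if ($piece !== "" && preg_match('/^[0-9]+\z/', $piece)) $ids[$piece] = $piece;
		}

		// With nothing valid to delete, skip the queries and only redirect.
		if (count($ids) > 0)
		{
			$strwhere="where id in ('".implode("','", $ids)."')";

			$query="select * from $table $strwhere";
			$sql = $db->select($query);
			while($tt = $db->fetch($sql))
			{
				// basename() keeps a stored value from pointing outside the image
				// directories; is_file() skips anything that is not a regular file.
				$image = basename((string) $tt['image']);
				if ($image === "") continue;
				foreach (array("../product-img/", "../product-img/list/", "../product-img/big/") as $dir)
				{
					if (is_file($dir.$image)) unlink($dir.$image);
				}
			}

			$query="delete from $table $strwhere";
			$sql = $db->delete($query);
		}

		$db->close();

		// Request values are URL-encoded and the whole URL is emitted as a JSON
		// string, so nothing from the request can close the string or the
		// <script> element.
		$mod_q = is_scalar($mod) ? rawurlencode((string) $mod) : "";
		$curpg_q = is_scalar($curpg) ? rawurlencode((string) $curpg) : "";
		$redirect = "?mod=".$mod_q."&act=list&curpg=".$curpg_q;
		echo "<script>location=".json_encode($redirect, JSON_HEX_TAG | JSON_HEX_AMP)."</script>";
	}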
	
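	//save position
	// Writes the "new" and "featured" flags for every row id posted in txtId[]:
	// a flag is 1 when the id also appears in txtNew[] / txtFeatured[], else 0.
	// NOTE(review): no session or CSRF check is visible in this file. Confirm the
	// page that includes it enforces both before this code is reached.
	if (isset($_POST['form_']) && $_POST['form_']=="savepos")
	{
		// Unticked checkbox groups are simply absent from the request. Default them
		// to empty arrays so in_array() and the loop always receive an array.
		$txtNew = (isset($_POST["txtNew"]) && is_array($_POST["txtNew"])) ? $_POST["txtNew"] : array();
		$txtFeatured = (isset($_POST["txtFeatured"]) && is_array($_POST["txtFeatured"])) ? $_POST["txtFeatured"] : array();
		$txtId = (isset($_POST["txtId"]) && is_array($_POST["txtId"])) ? $_POST["txtId"] : array();

		// foreach instead of an index loop: posted arrays are not guaranteed to have
		// consecutive 0..n-1 keys.
		foreach ($txtId as $row_id)
		{
			// Only digit-only ids reach the WHERE clause; the value used to be
			// concatenated into the statement unchecked.
			if (!is_string($row_id) || !preg_match('/^[0-9]+\z/', $row_id)) continue;

			$flag_new = in_array($row_id, $txtNew, true) ? "1" : "0";
			$flag_featured = in_array($row_id, $txtFeatured, true) ? "1" : "0";

			$query = "update $table set   featured = '$flag_featured' ,  new = '$flag_new'  ";
			$query .= " where id='".$row_id."' ";
			$db->update($query);
		}
		$db->close();

		// Request values are URL-encoded and the whole URL is emitted as a JSON
		// string, so nothing from the request can close the string or the
		// <script> element.
		$mod_q = is_scalar($mod) ? rawurlencode((string) $mod) : "";
		$curpg_q = is_scalar($curpg) ? rawurlencode((string) $curpg) : "";
		$redirect = "?mod=".$mod_q."&act=list&curpg=".$curpg_q;
		echo "<script>location=".json_encode($redirect, JSON_HEX_TAG | JSON_HEX_AMP)."</script>";
	}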
	
?>
